GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24,509 advisories

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG...
Critical, Unreviewed. CVE-2019-3929 was published May 24, 2022

org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
Critical. CVE-2023-29507 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023

Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
Critical. CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025

JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical. CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary...
Critical, Unreviewed. CVE-2024-57520 was published Feb 6, 2025

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote...
Critical, Unreviewed. CVE-2020-36084 was published Feb 6, 2025

A vulnerability in Brocade SANnav ova versions before Brocade SANnav v2.3.1 and v2.3.0a exposes...
Critical, Unreviewed. CVE-2024-4173 was published Apr 25, 2024

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via...
Critical, Unreviewed. CVE-2019-3568 was published May 24, 2022

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to...
Critical, Unreviewed. CVE-2024-57968 was published Feb 3, 2025

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical, Unreviewed. CVE-2024-2667 was published May 2, 2024

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows...
Critical, Unreviewed. CVE-2020-29574 was published May 24, 2022

Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the...
Critical, Unreviewed. CVE-2021-34235 was published Feb 12, 2022

pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical. CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024

Multiple rtmpdump vulnerabilities
Critical. GHSA-vrpv-vw92-328g was published for rudloff/rtmpdump-bin (Composer) Feb 6, 2025

An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via...
Critical, Unreviewed. CVE-2024-48445 was published Feb 5, 2025

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x,...
Critical, Unreviewed. CVE-2023-5878 was published Feb 6, 2025

OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for...
Critical, Unreviewed. CVE-2025-1066 was published Feb 6, 2025

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer...
Critical, Unreviewed. CVE-2020-29557 was published May 24, 2022

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows...
Critical, Unreviewed. CVE-2021-32030 was published May 24, 2022

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function...
Critical, Unreviewed. CVE-2020-26919 was published May 24, 2022

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an...
Critical, Unreviewed. CVE-2025-0982 was published Feb 6, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical, Unreviewed. CVE-2023-6260 was published Feb 20, 2024

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB...
Critical, Unreviewed. CVE-2024-51547 was published Feb 6, 2025

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker...
Critical, Unreviewed. CVE-2024-51450 was published Feb 6, 2025

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from...
Critical, Unreviewed. CVE-2024-3411 was published Apr 30, 2024

ProTip! Advisories are also available from the GraphQL API.